Every year families around the globe have the Christmas cinematic ritual of watching the holiday favorite, Home Alone. They roar with laughter as they watch an 8-year-old child, left behind by his family at Christmas, defend the family home against two less than intelligent burglars.
Whilst the booby trap filled movie provides great enjoyment for viewers, the situation that Kevin McCallister found himself in, is a very real threat to many companies at this time of year. For those seeking to target what is most valuable within our businesses, diverted attentions and reduced staff levels can often provide the gift that no one wants to see under the tree.
A cyber attack can occur regardless of time, season and business cycle. It happens when we are lounging on a beach or enjoying our favorite sporting event. Business owners are likely to receive a call in coming weeks that their systems have been attacked and the outcome is not a positive one.
Even with the best solutions in place, events and significant losses occur because the client often does not know either where they are regarding the threat, or where they want to be after an event.
This post and Insight Global Risk will help you navigate this path.
What can be done?
It is all too easy to throw one’s hands in despair screaming ‘Why bother – I am going to be hacked regardless’. Whilst daunting, securing what is vital can be done with the right mindset and a ‘whole of business’ approach.
Creative and adaptive approaches can then be examined and applied in a structured and ultimately effective manner.
Better to have a solution before the office closes than not have an office to return to!
Here are a few steps to consider:
Recognise
- You are not immune from a Cyber attack – it is only the scale and severity that differs
- Simple reliance on purely technical solutions or hoping for the best will only go so far
- Where you are on the threat landscape. Business environments constantly change, all of which can cause your profile to be higher than you previously thought. This can be due to:
- Busy corporate activity (M&A, Reports of success and higher profitability);
- Expanded growth (particularly overseas);
- New products etc
- This landscape is also extremely dynamic and will rapidly change from what you thought were strong foundations
- What is important to your business.
Detailed business impact assessments:
- Identify not only what is important, but also what is their impact if lost;
- Indicate what is required to return to normal business operations; and
- Set a road map (via response plans) for the business to achieve the aim
Recalibrate
- Once any changes are identified and prioritised, this is the time to refine what technical measures and procedures are in place.
- Apply these changes within the framework of the changed security environment, thereby enabling their implementation in a far more effective and targeted manner.
- Develop, implement and maintain regular testing and reporting programs, that both informing key decision makers and enabling better operational outcomes.
Respond
- This is where the most effective outcomes can be obtained and felt the most; often representing the culmination of the efforts from previous stages.
- A tailored and planned response strategy will enable those within an organisation to:
- Be informed accurately;
- Decide quickly;
- Act appropriately; and
- Communicate effectively.
Through this approach, Insight Global Risk supports its clients as they travel on this journey.
Recently I was drawn to Corrs Chambers Westgarth Lawyers as an excellent example of the adoption of a similar ‘whole of business’ approach. Their innovative use of multi-disciplinary cyber security teams enables the effective management of Cyber events at all stages and at all levels.
The Cyber attack threat is difficult but it is also manageable. Through the application of a strategic and dynamic approach, it is hoped that for companies and their respective management teams, the only headache faced over the holiday season is that from one too many glasses of good cheer.